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Amendments to the Specification: 

Please replace paragraph [0054] with the following 
rewritten paragraph: 

[0054] Turning now to FIG. 10, a flow diagram that illustrates 
a method for generating a credential in accordance with one 
embodiment of the present invention is presented. Figure 10 
provides more detail for reference numeral 800 of FIG. 8. At 
1000, a credential authority receives a credential request 
including one or more supporting credentials. The supporting 
credentials may include credentials created previously by the 
credential authority. The supporting credentials may also 
include credentials created previously by another credential 
authority. At 1005, the credentials are processed. At 1010, a 
determination is made regarding whether the credentials were 
processed successfully. If the credentials were not processed 
successfully, a failure is registered at 1015 and a failure 
policy is applied at 1020. The failure policy specifies 
actions to be performed when a failure is detected. An 
exemplary failure policy performs a user notification function 
when the error is detected. 

Please replace paragraph [0058] with the following 
rewritten paragraph: 

[0058] Turning now to FIG. 12, a flow diagram that 
illustrates a method for applying credential evaluation 
policies in accordance with one embodiment of the present 
invention is presented. Figure 12 provides more detail for 
reference numeral 1110 of FIG. 11. As discussed above, the 
unique identifying information of a credential may be stored 
separately from the rest of the credential data. Thus, at 1200 
c^m^v, a determination is made regarding whether credential data is 
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in the credential, the credential data is obtained at 1205. If 
credential data is included in the credential, a determination 
is made at 1210 regarding whether all embedded credentials that 
are needed are included in the credential. If not all such 
credentials are included, the needed credentials are obtained 
at 1215. If all needed credentials are included, a 
determination is made at 122 0 regarding whether any data in the 
credential must be unsealed. The credential data to be 
unsealed may include nested credential data. If data must be 
unsealed, it is unsealed at 1225. If no data needs to be 
unsealed, at 1230 a determination is made regarding whether the 
credential data is valid. If the data is invalid, the process 
ends with a failure indication at 1240 1245 . If the data is 
valid, the process ends successfully at 1240. 

Please replace paragraph [0071] with the following 
rewritten paragraph: 

[0071] Turning now to FIG. 17, a block diagram that 
illustrates assigning multiple sets of user data for identities 
in accordance with one embodiment of the present invention is 
presented. As shown in FIG. 17, the user data 1704- 1720 1721 is 
stored in secure user data storage 1702. Secure user data 
storage 1702 is controlled by a user (user-controlled) . The 
user data 1704- 1720 1721 may include encrypted data and/or 
authenticated data. Secure user data storage 1702 may comprise 
a portable device such as a cell phone, PDA or smart card or 
the like. Secure user data storage 1702 may also comprise a 
file on a Web server or other computer. 
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Please replace paragraph [0074] with the following 
rewritten paragraph: 

[0074] According to embodiments of the present invention, user 
enrollment data includes user authentication information used 
for subsequent visits to a service provider Web site. In other 
words, the service provider-specific user or a reference to the 
user data data is presented to the service provider Web site 
whenever the user data set is used to visit the same service 
provider Web site. The user authentication requirements of a 
particular service provider Web site will determine whether 
additional user authentication is required. For example, the 
stored user authentication data may suffice for a repeat visit 
to an Internet-based email site, but signing into a military 
Web site may require additional user authentication measures 
such as biometrics each time the site is visited, regardless of 
the stored user authentication data. 



Please replace paragraph [0083] with the following 
rewritten paragraph: 

[0083] Turning now to FIG. 21, a flow diagram that illustrates 
a method for providing a service in accordance with one 
embodiment of the present invention is presented. Figure 21 
provides more detail for reference numeral 2060 of FIG. 20. At 
2100, user data is received. At 2105, one or more Web pages at 
a Web site 4r& are customized based on the user data stored on a 
user-controlled device. 



Please replace paragraph [0087] with the following 
rewritten paragraph: 



[0087] Turning now to FIG. 24, a block diagram that 
GUNNISON. McKAY & illustrates assiqninq multiple credentials for identities in 

HODGSON. L.L.P. 
Garden Wcsi Office Plaza 
1900 Garden Road. Suite 220 
Monterey. CA 93940 

(831)655-0880 
Fax (83 1) 655-0888 



Page 4 of 16 



Appl. No. 10/040,270 
Amdt. dated June 12, 2 0 06 

Reply to Office Action of February 10, 2006 



accordance with one embodiment of the present invention is 
presented. Figure 24 is similar to FIG. 17, except that 
service credentials 2404- 2420 2421 are stored in the secure 
device 2402. In other words, the service credentials 2404- 
2420 2421 of FIG. 24 are based upon and contain, directly or 
indirectly, the user data 1704- 1720 1721 of FIG. 17. 

Please replace paragraph [0147] with the following 
rewritten paragraph: 

[0147] A service credential is a one-time token for a session 
with a specific server that may be obtained by applying a logon 
credential when accessing a service, while a logon credential 
may be used for multiple simultaneous sessions for multiple 
service providers. A service provider creates a service 
credential for its own use. A service credential may be 
applied to obtain further specific services, either for 
immediate use or fulfillment, or for postponed use or 
fulfillment. If the service credential is applied for 
immediate use of a service, a fulfillment credential 3925 may 
be dynamically created to satisfy the requested use. Reference 
numeral 3 93 9 represents the consumption or use of the 
fulfillment credential, after which time the fulfillment 
credential can no longer be used and can be discarded. 

Please replace paragraph [0166] with the following rewritten 
paragraph: 



GUNNISON, McKAY & 

HODGSON, L.L.P. 
Garden Wcsi Office Plaza 
1 900 Garden Road. Suite 220 
Monterey. CA 93940 

(831)655-0880 
Fax (831) 655-0888 



[0166] One example of a use of this embodiment is where the 
resource is requested by a third party (such as a merchant 
accessing user data) that is not the owner but has permission 
of the owner to access the resource. In this case, it is 
possible that when the resource owner enrolls, the resource 
owner may authorize the third party to access the owner's 
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credential and copy it into the third party's credential 
mechanism, thus providing the third party with indirect access 
to the resource protected by the credential. A second rights 
key ID may be associated with the resource referring to the 
rights key credential held by the owning user. 
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